Active Directory skinny



The Active Directory is a database of network objects.

All Active Directory objects are named in accordance with the ANSI X.500 naming structure and are connected to each other via a Domain Name Service (DNS) system. The schema of the default directory is highly extensible, but for sanity's sake, you'll need to go through the drill of an initial naming service deployment if you don't already have one in place.

Microsoft divides the Active Directory into sites for replication purposes. Each site must have a working DNS infrastructure and correct pointers inserted into the local DNS database. While this is easy to do for those experienced in TCP/IP and DNS, it's a mandatory step for successful replication inside and across sites.

The Active Directory uses a multimaster replication model. This means that unlike Windows NT 4.0 resource/user domains, no trust needs to be established among domains. Trusts can be established between different forests, the most elemental object of a domain, but this duplicates resources and starts to emulate the same problems associated with NT domain structures. Fortunately, few organizations will need to construct their Active Directory services to support multiple forests with trust relationships.

Each site has a "bridgehead" server that's the sole link to other sites. In turn, records are inserted into the Active Directory that describe the underlying TCP/IP infrastructure of the site. The bridgehead server needs to know the topological infrastructure information to correctly talk to other domain controllers not only within the site, but also outside of the site.

Microsoft recommends that there be at least two domain controllers within each site for availability reasons. Sites that use a single domain controller - especially when that controller is also used as a router - lose contact with, and the resources of, the underlying network infrastructure when that domain controller dies for whatever reason. This isn't unusual.

If you already have a DNS convention deployed on your site, the job of designing and deploying Active Directory will be easier than if you don't have one in place. Once sites are delineated, choosing replication techniques is a matter of deciding on a replication schedule, replication polling intervals and how to assign link cost values.
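The design points above (a working DNS infrastructure per site, at least two domain controllers per site, and deliberately chosen site link costs and polling intervals) can be checked against an existing forest. The following PowerShell script is an added example, not code from the original article: it assumes a domain-joined Windows Server 2012 or later host with the RSAT ActiveDirectory and DnsClient modules and an account that can read the Configuration partition. The cmdlets are Microsoft's; the function names, the "two controllers" threshold and the flagging of links left on the default cost of 100 and interval of 180 minutes are this example's own choices.

```powershell
# Added example (not from the original article): audit an existing Active
# Directory forest against three site-design rules:
#   1. every site has at least two domain controllers
#   2. every domain's DC locator SRV records resolve in DNS
#   3. every site link has a deliberately assigned cost and interval
# Assumes Windows Server 2012+ with the RSAT ActiveDirectory and DnsClient
# modules and read access to the Configuration partition.
#Requires -Modules ActiveDirectory, DnsClient

function Get-SiteDcCoverage {
    # One object per site with its domain controller count; Ok is $false
    # for sites that rely on a single controller.
    $dcs = Get-ADDomainController -Filter *
    Get-ADReplicationSite -Filter * | ForEach-Object {
        $name   = $_.Name
        $inSite = @($dcs | Where-Object { $_.Site -eq $name })
        [pscustomobject]@{
            Site        = $name
            DcCount     = $inSite.Count
            Controllers = ($inSite.HostName -join ', ')
            Ok          = ($inSite.Count -ge 2)
        }
    }
}

function Test-DcLocatorRecords {
    param([Parameter(Mandatory)][string]$DnsRoot)
    # _ldap._tcp.dc._msdcs.<domain> is the SRV record clients and other
    # domain controllers use to locate a DC; without it, replication
    # partners cannot be found.
    $record = "_ldap._tcp.dc._msdcs.$DnsRoot"
    try {
        $srv = @(Resolve-DnsName -Name $record -Type SRV -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Record  = $record
            Targets = ($srv.NameTarget -join ', ')
            Ok      = ($srv.Count -gt 0)
        }
    } catch {
        [pscustomobject]@{ Record = $record; Targets = $null; Ok = $false }
    }
}

function Get-SiteLinkReview {
    # Default site link values are cost 100 and 180 minutes; a link still
    # on both defaults usually means nobody assigned its cost deliberately.
    Get-ADReplicationSiteLink -Filter * -Properties ReplicationSchedule |
    ForEach-Object {
        # SitesIncluded holds distinguished names; keep only the CN values.
        $sites = $_.SitesIncluded | ForEach-Object {
            ($_ -split ',')[0] -replace '^CN=', ''
        }
        [pscustomobject]@{
            Link        = $_.Name
            Sites       = ($sites -join ' <-> ')
            Cost        = $_.Cost
            IntervalMin = $_.ReplicationFrequencyInMinutes
            HasSchedule = ($null -ne $_.ReplicationSchedule)
            OnDefaults  = ($_.Cost -eq 100 -and
                           $_.ReplicationFrequencyInMinutes -eq 180)
        }
    }
}

# Usage: run all three checks and print them as tables.
Get-SiteDcCoverage | Format-Table -AutoSize
(Get-ADForest).Domains |
    ForEach-Object { Test-DcLocatorRecords -DnsRoot $_ } |
    Format-Table -AutoSize
Get-SiteLinkReview | Format-Table -AutoSize
```

Rows with `Ok` equal to `$false` or `OnDefaults` equal to `$true` are the ones to revisit during site and link design; a site link can legitimately stay on a cost of 100, but the interval and schedule should still have been chosen against the WAN circuit it represents.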

We found that planning the design of the Active Directory pays handsomely for group control, which is the crux of the IntelliMirror functionality, and dictates whether the user database will be populated from an NT 4.0 domain or from another Lightweight Directory Access Protocol (LDAP) directory.

Large organizations that use a complex set of NT 4.0 domain trust relationships have done so either to accommodate the user-count limitations of those domains (2048 suggested per domain) or WAN circuit speed limitations (to keep directory delta transmissions manageable). They will need to take time to reorganize those relationships, because the trust model changes in the Active Directory to a full peer model. The links and relationships that let you use both the Active Directory and pieces of an existing domain model can get tricky. Products such as Elite's Enterprise Suite can make the migration from NT domains easier than Microsoft's studied approach does.
