
Active Directory skinny



The Active Directory is a database of network objects.

All Active Directory objects are named in accordance with the ANSI X.500 naming structure and are connected to each other via a Domain Name System (DNS) infrastructure. The schema of the default directory is highly extensible, but for sanity's sake, it's necessary to go through the drill of an initial naming service deployment if you don't already have one.

Microsoft divides the Active Directory into sites for replication purposes. Each site must have a working DNS infrastructure and the correct pointers inserted into the local DNS database. While this is easy to do for those experienced in TCP/IP and DNS, it's a mandatory step for successful replication inside and across sites.

The Active Directory uses a multimaster replication model. This means that unlike Windows NT 4.0 resource/user domains, no trust needs to be established among domains. Trusts can be established between different forests, the most elemental object of a domain, but this duplicates resources and starts to emulate the same problems associated with NT domain structures. Fortunately, few organizations will need to construct their Active Directory services to support multiple forests with trust relationships.

Each site has a "bridgehead" server that's the sole link to other sites. In turn, records are inserted into the Active Directory that describe the underlying TCP/IP infrastructure of the site. The bridgehead server needs to know the topological infrastructure information to correctly talk to other domain controllers not only within the site, but also outside of the site.

Microsoft recommends that there be at least two domain controllers within each site for availability reasons. A site that uses a single domain controller - especially when that controller is also used as a router - loses contact with, and the resources of, the underlying network infrastructure when the domain controller dies for whatever reason. This isn't unusual.

If you already have a DNS convention deployed on your site, the job of designing and deploying Active Directory will be easier than if you don't have one in place. Once sites are delineated, choosing replication techniques is a matter of deciding on a replication schedule, replication polling intervals and how to assign link cost values.
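An added example, not code from the Network World article: a PowerShell audit that checks, for each site, the conditions the article names (the site's pointer records present in DNS, at least two domain controllers per site) and then lists the cost and polling interval configured on each site link. It assumes the ActiveDirectory and DnsClient modules on a domain-joined host; the SRV record name used is the standard _msdcs site locator record.

```powershell
# Added example (not from the article): audit Active Directory sites for the
# prerequisites the article describes. Assumes the ActiveDirectory and DnsClient
# modules are available and the host is joined to the domain being checked.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = Get-ADDomainController -Filter *      # every DC in the domain, with its Site

$report = foreach ($site in Get-ADReplicationSite -Filter *) {
    $siteDCs = @($dcs | Where-Object { $_.Site -eq $site.Name })

    # Site-specific SRV record that clients use to locate a DC in their own site.
    $srv   = "_ldap._tcp.$($site.Name)._sites.dc._msdcs.$domain"
    $srvOk = $null -ne (Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue)

    # Classify the site: no DC, a single DC (no availability if it dies), or missing DNS pointer.
    $finding = 'ok'
    if     ($siteDCs.Count -eq 0) { $finding = 'no domain controller in site' }
    elseif ($siteDCs.Count -lt 2) { $finding = 'single DC: no availability if it dies' }
    elseif (-not $srvOk)          { $finding = "site SRV record missing in DNS: $srv" }

    [pscustomobject]@{
        Site          = $site.Name
        DCCount       = $siteDCs.Count
        SiteSrvRecord = $srvOk
        Finding       = $finding
    }
}
$report | Format-Table -AutoSize

# Site links: inter-site replication is driven by link cost and polling interval.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ',' } } |
    Format-Table -AutoSize
```

Any site reported with fewer than two domain controllers or a missing SRV record is one where replication and client logon depend on a single point of failure.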

We found that planning the design of the Active Directory pays handsomely for group control, which is the crux of the IntelliMirror functionality, and for deciding whether the user database will be populated from an NT 4.0 domain or from another Lightweight Directory Access Protocol (LDAP) directory.

Large organizations that use a complex set of NT 4.0 domain trust relationships, whether to accommodate those domains' limits on user count (2048 suggested per domain) or WAN circuit speed limitations (to keep directory delta transmissions manageable), will need to take time to reorganize the relationships, because the trust model in the Active Directory changes to a full peer model. The links and relationships that let you use both the Active Directory and pieces of an existing domain model can get tricky. Products such as Elite's Enterprise Suite can ease the migration-from-NT-domains process more than Microsoft's studied approach.

Copyright, 1994-2006 Network World, Inc. All rights reserved.